
Sagispul attack and maybe others

  #1  
Old 01-02-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
Sagispul attack and maybe others

Hi, I'm brand new to the forum. From what I've read, I'm glad to have found this site.

I started to get pop-ups to sagispul (sp?) plus my laptop was slow to boot and sometimes had trouble rebooting. I followed the 8 step viruses/spyware/malware removal. I'm attaching my logs here.

My laptop seems to be fine now, but any confirmation that I was successful or other steps I need to do would be greatly appreciated. Thanks!
Attached Files
File Type: txt mbam-log-2009-01-01 (22-55-02).txt (5.5 KB, 5 views)
File Type: log SUPERAntiSpyware Scan Log - 01-02-2009 - 00-22-05.log (861 Bytes, 1 views)
File Type: log hijackthis.log (13.9 KB, 8 views)
  #2  
Old 01-02-2009
kimsland
TS Special Forces
 
Location: Australia
Member since: Dec 2007, 17,031 posts
Due to the huge amount of problems noted in HJT
I think you would be best to backup any data, and re-install Windows clean
But this time don't install Symantec (Norton, that's presently running) or McAfee (running too)

If you want to try repairing it, I'll be brief

Uninstall your McAfee
Then run the removal tool: http://download.mcafee.com/products/...tches/MCPR.exe

Run the Norton Removal tool: ftp://ftp.symantec.com/public/englis...moval_Tool.exe

Run Startup Control Panel and remove any not required startups: (should be most!) http://www.mlin.net/StartupCPL.shtml

Install Avira

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)

There you go
  #3  
Old 01-02-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
More info please...

Hi Kimsland, thank you for responding. Could you please elaborate on the huge amount of problems noted in HJT? I'm looking for examples so I can better understand what issues HJT shows. Thank you so much for your help.
  #4  
Old 01-02-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 905 posts
Code:
Memory Modules Infected:
C:\WINDOWS\system32\nnnMDsqR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tkrago.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUMFYop.dll (Trojan.Vundo) -> Delete on reboot.
Did you restart the computer as instructed by the findings in the MBAM log? I think not!

This time, run both MBAM & SAS until clean or until it finds something that cannot be cleaned. Look for the 'reboot' & respond if found.

Restart the computer immediately before running the HJT scan. This reflects the results of all the cleaning.

Post new logs.
  #5  
Old 01-02-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
Restart

Yes, I did restart both after MBAM and SAS. I don't see any of the 3 files you noted in my windows/system32 folder. Should I run MBAM and SAS again?
  #6  
Old 01-02-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 905 posts
At the cost of 3 hours of scan-time, yes, I would rescan & post to confirm that the infection was handled. Now that MBAM has been updated to put down 'sagipsul' (or whatever the correct spelling is), it takes about 5 days for the 'beautifiers' to take care of the small stuff such as this:
Quote:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL tkrago.dll
  #7  
Old 01-03-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
Ran again....

I ran MBAM and SAS again, as well as HijackThis. The logs for MBAM and SAS seem to indicate that the trojan/virus has been eliminated. The HJT log still shows the reference to the tkrago.dll. I'm attaching the logs. Thanks.
Attached Files
File Type: txt mbam-log-2009-01-02 (19-28-05).txt (851 Bytes, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 01-02-2009 - 20-34-48.log (465 Bytes, 2 views)
File Type: txt hijackthis2.txt (13.5 KB, 2 views)
  #8  
Old 01-03-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 905 posts
Logs confirm the infection was handled.

Use 'regedit' to remove references to tkrago.dll

Delete temp directory
C:\Documents and Settings\John\Local Settings\Temp

Rated questionable -
O4 - HKCU\..\Run: [Download] "C:\Temp\SSGet.exe" 120 "" "" >> SSget
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf >> tgcmd


Kimsland can weigh in on his assessment for problems with the HJT.
  • Use the norton/symantec removal tool - rid computer of remnants
  • Excessive startup applications
  • Questionable findings

If clean, then establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
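
Added example (not part of the original thread and not any poster's code): a cross-check of the kind done by hand above, where files MBAM flagged are looked up in a later HijackThis log to find leftover references such as the O20 AppInit_DLLs entry for tkrago.dll. The two sample logs are constructed from the lines quoted in the posts; the function names are hypothetical.

```python
import re

# Constructed sample input, assembled from the log lines quoted in this thread.
MBAM_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\nnnMDsqR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tkrago.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUMFYop.dll (Trojan.Vundo) -> Delete on reboot.
"""
HJT_LOG = r"""O4 - HKCU\..\Run: [Download] "C:\Temp\SSGet.exe" 120 "" ""
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL tkrago.dll
"""

# "<path> (<detection>) -> <action>" as written in the MBAM log excerpt.
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\((?P<name>[^()]+)\)\s+->\s+.+$")
# "<section> - <body>" as written in the HijackThis log excerpt.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.+)$")


def mbam_detections(log):
    """Return {lowercased file name: detection name} for each file MBAM flagged."""
    found = {}
    for line in log.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            found[m["path"].rsplit("\\", 1)[-1].lower()] = m["name"]
    return found


def leftover_references(hjt_log, detections):
    """Return (section, file, detection, line) for HJT entries still naming a flagged file."""
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        # Split on whitespace, quotes, commas and backslashes so that both
        # full paths and bare file names (as in AppInit_DLLs) are compared.
        tokens = {t.lower() for t in re.split(r'[\s",\\]+', m["body"]) if t}
        for fname in sorted(tokens & detections.keys()):
            hits.append((m["section"], fname, detections[fname], line.strip()))
    return hits


if __name__ == "__main__":
    for section, fname, detection, line in leftover_references(HJT_LOG, mbam_detections(MBAM_LOG)):
        print(f"{section}: {fname} ({detection}) still referenced -> {line}")
```

A hit means the registry value still names a file the scanner already deleted, so the entry is a dangling reference to clean up rather than proof of an active infection.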